Your HR and Payroll compliance and policy solution! Comply with federal, state, and international laws, find answers to your most challenging questions, get timely updates with email alerts, and more with our suite of products.

BRUSSELS--European Union member state ministers in charge of telecommunications infrastructure will be asked when they meet June 6 if they back a proposed EU cybersecurity law, or if its goals can be achieved through a voluntary approach, according to an EU Council progress report prepared for the meeting.

The European Commission, the European Union’s executive arm, published a draft network and information security directive (NIS Directive) Feb. 7, saying that about 42,000 companies in sectors considered vulnerable to cyber-attacks should have enhanced cybersecurity obligations (12 PVLR 225, 2/11/13).

The draft NIS Directive would require large companies in sectors such as energy, financial services, and transportation to adopt risk management practices and report major security incidents on their core services, though the Commission’s proposal said that definitions of terms such as “risk management practices” and “major security incidents” would be left to a later date.

Telecommunications companies and internet service providers that provide services on public networks already have an obligation to notify competent national authorities of data breaches, under the EU e-Privacy Directive (8 PVLR 1721, 12/7/09).

Mandate Approach Questioned

The EU Council progress report, dated May 28, said that in preliminary discussions between EU member state representatives, some countries “requested further justification from the Commission why a legislative, rather than a voluntary approach, would be the preferred option to tackle the uneven level of security capabilities across the EU and the insufficient sharing of information on incidents, risks, and threats.”

The progress report added that “other parts of the world, such as the USA, appear to opt for a more voluntary and flexible approach with regard to cybersecurity standards,” and mandatory EU standards “might create inconsistencies for companies whose operations span several jurisdictions, as is usually the case with many online services.”

“Most” countries had also “raised the issue of the perceived significant costs involved in the implementation of the Directive,” the progress report added.

Call to Improve Impact Assessment

In addition, the progress report said that countries wanted the Commission to improve its impact assessment on the proposed NIS Directive and had questioned which sectors and institutions should be included within its scope.

The progress report said that EU member states had not finalized their opinions on another proposal contained in the draft directive, the requirement for all countries to adopt network and information security strategies and to share information on threats at the EU level.

The EU Council is the institution that represents the governments of EU member states, and which is responsible for formulating the agreed positions of EU governments in negotiations with the European Parliament on new legislation.

Telecommunications ministers meeting June 6 will debate the issues raised in the progress report but will not take any formal decisions on the NIS Directive.

The government of the United Kingdom May 22 opened a consultation seeking public comment on the NIS Directive (see related report).

All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to books@bna.com.

Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)

Notify me when updates are available (No standing order will be created).

This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to research@bna.com.

Put me on standing order

Notify me when new releases are available (no standing order will be created)